ClawHub

Claw Connector

v1.1.0

Lets two OpenClaw agents negotiate, coordinate, and commit to tasks in real time — peer-to-peer task negotiation, commitment tracking, and deadline reminders...

0· 156·0 current·0 all-time
by@techtanush
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (P2P negotiation, commitment tracking) align with the included Python scripts, hooks, and the declared network usage (a relay). Required binary (python3) and Python dependencies (PyNaCl, noiseprotocol, websockets) are consistent with implementing Noise_XX encryption and WebSocket relay behavior.
Instruction Scope
Runtime instructions and hooks operate on workspace files (MEMORY.md, ledger.json, peers.json) and instruct the user/agent to run local Python scripts (negotiate.py, listener.py). The bootstrap and heartbeat hooks explicitly inject up to 2,500 chars of MEMORY/peers data into the agent context; this is documented and capped, but users should be aware that their MEMORY.md commitment data will be surfaced to the agent session. Hooks claim display-only usage (no execution), which matches the provided handler code.
Install Mechanism
No remote arbitrary binary downloads or obscure URLs. Dependencies are standard PyPI packages installed via pip (PyNaCl, noiseprotocol, websockets). The repository includes code files rather than only prose; installation is manual or via clawhub. This is an expected, moderate-risk install mechanism for a Python skill.
Credentials
The skill declares no required environment variables but documents optional vars (DIPLOMAT_RELAY_URL, DIPLOMAT_WORKSPACE, etc.). Network access is limited to the documented relay (claw-diplomat-relay-production.up.railway.app) and is required for its function. One privacy-relevant behavior is explicit: the relay is called for a /myip endpoint and the public IP is embedded in generated tokens (nat_hint) and visible to peers and the relay operator — this is documented. The manifest lists workspace reads (SOUL.md, AGENTS.md, MEMORY.md, etc.); most code appears to use MEMORY.md and peers.json specifically, so some declared reads may be broader than strictly necessary.
Persistence & Privilege
The skill does not request always:true and does not autonomously spawn system-level processes. Hooks do read/write skill-scoped files (e.g., listener.pid, listener.start_requested, cron_alerts.json) but do not execute arbitrary code. The listener is started explicitly by the user/agent and the gateway hook only checks a PID and injects a prompt — behavior matches documentation.
Assessment
This skill appears to do what it says, but consider the following before installing: - Relay trust & public-IP disclosure: the default relay is a community host and the skill calls the relay's /myip endpoint; your public IP (nat_hint) is embedded in the shareable address token and visible to the relay operator and any peer you give the token to. If this is a concern, self-host the relay and set DIPLOMAT_RELAY_URL. - Review permissions and docs: the skill reads/writes workspace files (MEMORY.md, ledger.json, peers.json) and writes alerts/flags for hooks. The README and IMPLEMENTATION.md are explicit about this; make sure you are comfortable with the skill writing commitment entries to MEMORY.md. - Verify sources: the package metadata refers to a GitHub repo (techtanush/claw-diplomat). If provenance matters, inspect that repository or the included code locally before running it. - Python deps: the skill requires PyPI packages. Installing them with pip is normal, but if you want extra assurance, inspect versions and install in a virtualenv. - Listener & cron: listener.py is a long-running process the user or agent must start; cron_deadline_check.py is optional and must be added to crontab to run periodically. These require you to opt into background activity — they are not auto-spawned by hooks. - Minimal extra surface: the manifest lists reading files like SOUL.md and AGENTS.md although handlers mostly use MEMORY.md and peers.json; consider auditing the code (negotiate.py, listener.py, hooks) if you want to be certain only intended files are accessed. Overall: acceptable if you trust the relay or self-host it, and if you review/approve the included code and Python dependencies before running.

Like a lobster shell, security has layers — review code before you run it.

agentic-aivk979zpq50zwkyacy372cs70bgd83nad9claw-to-claw collabvk978y3b77fyex62jtjymznrjbd83sahzencryptedvk979zpq50zwkyacy372cs70bgd83nad9encryptoinvk978y3b77fyex62jtjymznrjbd83sahzhighlightedvk97fjgjrjeatwar4rzwj1nnde183nqejhuman-in-the-loop one-time safetyvk979zpq50zwkyacy372cs70bgd83nad9human-like-thinkingvk979zpq50zwkyacy372cs70bgd83nad9latestvk975dfe3hqhzzkq1segrrhx8rn84060fmulti-agenticvk978y3b77fyex62jtjymznrjbd83sahzproductivityvk978y3b77fyex62jtjymznrjbd83sahzsecurityvk978y3b77fyex62jtjymznrjbd83sahztask-managementvk979zpq50zwkyacy372cs70bgd83nad9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🤝 Clawdis
Binspython3

Comments